<head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<title>kali工具箱</title>
<script src="./static/bootstrap.min.js"></script>
<link rel="stylesheet" href="./static/main.css">
<link rel="stylesheet" href="./static/bootstrap.min.css">
<style type="text/css" id="syntaxhighlighteranchor"></style>
</head>
<main class="main-container ng-scope" ng-view="">
<div class="main receptacle post-view ng-scope">
<article class="entry ng-scope" ng-controller="EntryCtrl" ui-lightbox="">
<section class="entry-content ng-binding" ng-bind-html="postContentTrustedHtml">
<section class="l-section"><div class="l-section-h i-cf"><h2>Skipfish Package Description</h2>
<p style="text-align: justify;">Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments.</p>
<p>Key features:</p>
<ul>
<li>High speed: pure C code, highly optimized HTTP handling, minimal CPU footprint – easily achieving 2000 requests per second with responsive targets.</li>
<li>Ease of use: heuristics to support a variety of quirky web frameworks and mixed-technology sites, with automatic learning capabilities, on-the-fly wordlist creation, and form autocompletion.</li>
<li>Cutting-edge security logic: high quality, low false positive, differential security checks, capable of spotting a range of subtle flaws, including blind injection vectors.</li>
</ul>
<p>Source: https://code.google.com/p/skipfish/<br>
<a href="http://code.google.com/p/skipfish/" variation="deepblue" target="blank">Skipfish Homepage</a> | <a href="http://git.kali.org/gitweb/?p=packages/skipfish.git;a=summary" variation="deepblue" target="blank">Kali Skipfish Repo</a></p>
<ul>
<li>Author: Google Inc, Michal Zalewski, Niels Heinen, Sebastian Roschke</li>
<li>License: Apache-2.0</li>
</ul>
<h3>tools included in the skipfish package</h3>
<h5>skipfish – Fully automated, active web application security reconnaissance tool</h5>
<code><a class="__cf_email__" href="/cdn-cgi/l/email-protection" data-cfemail="7c0e1313083c171d1015">[email&#160;protected]</a><script data-cfhash='f9e31' type="text/javascript">/* <![CDATA[ */!function(t,e,r,n,c,a,p){try{t=document.currentScript||function(){for(t=document.getElementsByTagName('script'),e=t.length;e--;)if(t[e].getAttribute('data-cfhash'))return t[e]}();if(t&&(c=t.previousSibling)){p=t.parentNode;if(a=c.getAttribute('data-cfemail')){for(e='',r='0x'+a.substr(0,2)|0,n=2;a.length-n;n+=2)e+='%'+('0'+('0x'+a.substr(n,2)^r).toString(16)).slice(-2);p.replaceChild(document.createTextNode(decodeURIComponent(e)),c)}p.removeChild(t)}}catch(u){}}()/* ]]> */</script>:~# skipfish -h<br>
skipfish web application scanner - version 2.10b<br>
Usage: skipfish [ options ... ] -W wordlist -o output_dir start_url [ start_url2 ... ]<br>
<br>
Authentication and access options:<br>
<br>
  -A user:pass      - use specified HTTP authentication credentials<br>
  -F host=IP        - pretend that 'host' resolves to 'IP'<br>
  -C name=val       - append a custom cookie to all requests<br>
  -H name=val       - append a custom HTTP header to all requests<br>
  -b (i|f|p)        - use headers consistent with MSIE / Firefox / iPhone<br>
  -N                - do not accept any new cookies<br>
  --auth-form url   - form authentication URL<br>
  --auth-user user  - form authentication user<br>
  --auth-pass pass  - form authentication password<br>
  --auth-verify-url -  URL for in-session detection<br>
<br>
Crawl scope options:<br>
<br>
  -d max_depth     - maximum crawl tree depth (16)<br>
  -c max_child     - maximum children to index per node (512)<br>
  -x max_desc      - maximum descendants to index per branch (8192)<br>
  -r r_limit       - max total number of requests to send (100000000)<br>
  -p crawl%        - node and link crawl probability (100%)<br>
  -q hex           - repeat probabilistic scan with given seed<br>
  -I string        - only follow URLs matching 'string'<br>
  -X string        - exclude URLs matching 'string'<br>
  -K string        - do not fuzz parameters named 'string'<br>
  -D domain        - crawl cross-site links to another domain<br>
  -B domain        - trust, but do not crawl, another domain<br>
  -Z               - do not descend into 5xx locations<br>
  -O               - do not submit any forms<br>
  -P               - do not parse HTML, etc, to find new links<br>
<br>
Reporting options:<br>
<br>
  -o dir          - write output to specified directory (required)<br>
  -M              - log warnings about mixed content / non-SSL passwords<br>
  -E              - log all HTTP/1.0 / HTTP/1.1 caching intent mismatches<br>
  -U              - log all external URLs and e-mails seen<br>
  -Q              - completely suppress duplicate nodes in reports<br>
  -u              - be quiet, disable realtime progress stats<br>
  -v              - enable runtime logging (to stderr)<br>
<br>
Dictionary management options:<br>
<br>
  -W wordlist     - use a specified read-write wordlist (required)<br>
  -S wordlist     - load a supplemental read-only wordlist<br>
  -L              - do not auto-learn new keywords for the site<br>
  -Y              - do not fuzz extensions in directory brute-force<br>
  -R age          - purge words hit more than 'age' scans ago<br>
  -T name=val     - add new form auto-fill rule<br>
  -G max_guess    - maximum number of keyword guesses to keep (256)<br>
<br>
  -z sigfile      - load signatures from this file<br>
<br>
Performance settings:<br>
<br>
  -g max_conn     - max simultaneous TCP connections, global (40)<br>
  -m host_conn    - max simultaneous connections, per target IP (10)<br>
  -f max_fail     - max number of consecutive HTTP errors (100)<br>
  -t req_tmout    - total request response timeout (20 s)<br>
  -w rw_tmout     - individual network I/O timeout (10 s)<br>
  -i idle_tmout   - timeout on idle HTTP connections (10 s)<br>
  -s s_limit      - response size limit (400000 B)<br>
  -e              - do not keep binary responses for reporting<br>
<br>
Other settings:<br>
<br>
  -l max_req      - max requests per second (0.000000)<br>
  -k duration     - stop scanning after the given duration h:m:s<br>
  --config file   - load the specified configuration file<br>
<br>
Send comments and complaints to &lt;<a class="__cf_email__" href="/cdn-cgi/l/email-protection" data-cfemail="ea828f83848f8484aa8d85858d868fc4898587">[email&#160;protected]</a><script data-cfhash='f9e31' type="text/javascript">/* <![CDATA[ */!function(t,e,r,n,c,a,p){try{t=document.currentScript||function(){for(t=document.getElementsByTagName('script'),e=t.length;e--;)if(t[e].getAttribute('data-cfhash'))return t[e]}();if(t&&(c=t.previousSibling)){p=t.parentNode;if(a=c.getAttribute('data-cfemail')){for(e='',r='0x'+a.substr(0,2)|0,n=2;a.length-n;n+=2)e+='%'+('0'+('0x'+a.substr(n,2)^r).toString(16)).slice(-2);p.replaceChild(document.createTextNode(decodeURIComponent(e)),c)}p.removeChild(t)}}catch(u){}}()/* ]]> */</script>&gt;.</code>
<h3>skipfish Usage Example</h3>
<p>Using the given directory for output <b><i>(-o 202)</i></b> , scan the web application URL <b><i>(http://192.168.1.202/wordpress)</i></b>:</p>
<code><a class="__cf_email__" href="/cdn-cgi/l/email-protection" data-cfemail="62100d0d162209030e0b">[email&#160;protected]</a><script data-cfhash='f9e31' type="text/javascript">/* <![CDATA[ */!function(t,e,r,n,c,a,p){try{t=document.currentScript||function(){for(t=document.getElementsByTagName('script'),e=t.length;e--;)if(t[e].getAttribute('data-cfhash'))return t[e]}();if(t&&(c=t.previousSibling)){p=t.parentNode;if(a=c.getAttribute('data-cfemail')){for(e='',r='0x'+a.substr(0,2)|0,n=2;a.length-n;n+=2)e+='%'+('0'+('0x'+a.substr(n,2)^r).toString(16)).slice(-2);p.replaceChild(document.createTextNode(decodeURIComponent(e)),c)}p.removeChild(t)}}catch(u){}}()/* ]]> */</script>:~# skipfish -o 202 http://192.168.1.202/wordpress<br>
<br>
skipfish version 2.10b by <a class="__cf_email__" href="/cdn-cgi/l/email-protection" data-cfemail="412d22202c35342701262e2e262d246f222e2c">[email&#160;protected]</a><script data-cfhash='f9e31' type="text/javascript">/* <![CDATA[ */!function(t,e,r,n,c,a,p){try{t=document.currentScript||function(){for(t=document.getElementsByTagName('script'),e=t.length;e--;)if(t[e].getAttribute('data-cfhash'))return t[e]}();if(t&&(c=t.previousSibling)){p=t.parentNode;if(a=c.getAttribute('data-cfemail')){for(e='',r='0x'+a.substr(0,2)|0,n=2;a.length-n;n+=2)e+='%'+('0'+('0x'+a.substr(n,2)^r).toString(16)).slice(-2);p.replaceChild(document.createTextNode(decodeURIComponent(e)),c)}p.removeChild(t)}}catch(u){}}()/* ]]> */</script><br>
<br>
  - 192.168.1.202 -<br>
<br>
Scan statistics:<br>
<br>
      Scan time : 0:00:05.849<br>
  HTTP requests : 2841 (485.6/s), 1601 kB in, 563 kB out (370.2 kB/s)  <br>
    Compression : 802 kB in, 1255 kB out (22.0% gain)    <br>
    HTTP faults : 0 net errors, 0 proto errors, 0 retried, 0 drops<br>
 TCP handshakes : 46 total (61.8 req/conn)  <br>
     TCP faults : 0 failures, 0 timeouts, 16 purged<br>
 External links : 512 skipped<br>
   Reqs pending : 0          <br>
<br>
Database statistics:<br>
<br>
         Pivots : 13 total, 12 done (92.31%)    <br>
    In progress : 0 pending, 0 init, 0 attacks, 1 dict    <br>
  Missing nodes : 0 spotted<br>
     Node types : 1 serv, 4 dir, 6 file, 0 pinfo, 0 unkn, 2 par, 0 val<br>
   Issues found : 10 info, 0 warn, 0 low, 8 medium, 0 high impact<br>
      Dict size : 20 words (20 new), 1 extensions, 202 candidates<br>
     Signatures : 77 total<br>
        <br>
[+] Copying static resources...<br>
[+] Sorting and annotating crawl nodes: 13<br>
[+] Looking for duplicate entries: 13<br>
[+] Counting unique nodes: 11<br>
[+] Saving pivot data for third-party tools...<br>
[+] Writing scan description...<br>
[+] Writing crawl tree: 13<br>
[+] Generating summary views...<br>
[+] Report saved to '202/index.html' [0x7054c49d].<br>
[+] This was a great day for science!</code>
</div></section><div style="display:none">
<script src="//s11.cnzz.com/z_stat.php?id=1260038378&web_id=1260038378" language="JavaScript"></script>
</div>
</main></body></html>
